Authentication

Unused user with console logon

Risk Level

Hazardous (3)

Platform(s)
Compliance Frameworks

Description

RAM User in Alibaba Cloud can log in to the console using username and password, or access resources programmatically with access keys. Users that have not used their password in the last 90 days should have their console logon disabled. This reduces the opportunity that a neglected user or a user with compromised password will be used by an attacker. The user {AliCloudUser} (ID: {AliCloudUser.UserId}) hasn't logged in recently, and therefore, the console logon should be disabled.
  • Recommended Mitigation

    Disable the console logon using the console, or remove the login profile of the user using the CLI.